Date: Sat, 8 Jan 2000 03:13:10 -0800 (PST)
From: Kris Kennaway
To: Brad Knowles
Cc: audit@freebsd.org
Subject: Re: Ping?

On Wed, 5 Jan 2000, Brad Knowles wrote:

> I'm still interested, but I need some assistance in determining
> how I would be able to apply my skills in a useful manner.

The first thing we should probably do, which I've started here myself, is to finally go through the entire OpenBSD cvs repository and merge over all of their remaining fixes. I'm about halfway through bin/ after a day or two's work. Of course, this is no substitute for auditing the code ourselves (if nothing else, our codebase is slightly divergent from theirs), which will also be done, but it's a good way to get most of the problems fixed quickly.

The ports tree should also have some sort of attention paid to it - I need to bug Satoshi to provide a list of set[gu]id files from bento.

The most helpful thing for you to do is to become familiar with how to identify and fix buffer overflows, race conditions and other common security pitfalls - there were a few references posted in the early days of this list which you should be able to dig out (I probably still have the posts if they're not archived) otherwise I can hunt down a more comprehensive list of references.

Kris